Broadband-throttling bug finally gets a write-up and CVE

More than 18 months after the design blunder was first brought to light, Intel is still working to iron out the creases in its Puma high-speed broadband modem chipsets.

In recent weeks, Chipzilla quietly put out an advisory and finally confirmed a formal CVE entry – CVE-2017-5693 – for the security vulnerability.

When exploited by miscreants, this flaw causes Puma 5, 6, and 7 modem components – used in various high-speed broadband gateways – to suffer performance-wise. A particular pattern of packets exhausts resources within the chipsets, causing spikes in latency, which ruin online gaming and similar interactive tasks, or blowing the hardware off the internet entirely.

First detailed in December 2016, the vulnerability dates back to Puma's Texas Instruments days, but more recently it had shown up in the Puma 5 chipset and Puma 6 and 7 SoCs built and marketed by Intel. The bug potentially allows an attacker to knock a targeted home modem offline or increase connection lag with a relatively small packet payload.

The vulnerability roped Intel into a class-action lawsuit against modem vendor Arris, which was accused of violating US consumer protection laws by selling devices containing the dodgy Puma SoCs.

Meanwhile, the mitigation for the Puma blunder, a modem firmware update to block the sequence of packets that triggers the performance hit, is now being rolled out, albeit at a snail's pace.

"Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic," Intel stated in its advisory.

"Intel is working with Internet service providers and manufacturers for retail devices to help deliver to affected devices the updated firmware which mitigates these issues."

Even as Intel works to get the fix out, another problem with Puma may have cropped up. The same users and researchers at the DSLReports.com forums who discovered the underlying design shortcoming that would become CVE-2017-5693 have also found that, in Canada, Rogers modems using the Puma 7 hardware are falling over.

A company performing a security audit at an unnamed Canadian business found that when probing the Puma 7-powered Rogers routers on the WAN side, the boxes crashed and rebooted due to an unknown error, it is claimed.

It is not known whether the crashes are a result of triggering CVE-2017-5693, or the work of a completely new and different bug. Intel did not respond to a request for comment on the report.